For your convenience, we have listed our most current Suggested Retention Period Guidelines. Please note that this is only a general guide and each state, industry, and company's actual retention period guidelines must be determined individually. Considerations should include federal and state guidelines as well as your own operational needs. You may need to consult your legal advisor for a more detailed retention guide.
Briefly described below are several of the federal laws and their requirements.
Health Insurance Portability & Accountability Act (HIPAA)
This federal law, passed by Congress in 1996, and the accompanying 2002 regulation known as the Privacy Rule apply to all health care entities and restrict how health care providers may handle and disclose personal Protected Health Information (PHI). PHI is defined as any identifiable health, medical or demographic information that describes the individual's personal identity. This includes but is NOT limited to name, address, phone number, e-mail, photographs, charts, tests, records, etc. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation.
Fair and Accurate Credit Transactions Act (FACTA)
Effective June 2005, the Fair and Accurate Credit Transactions Act of 2003 was designed to protect consumers from the increasingly common crime of identity theft. This particular law applies to every business in America that collects customer information to ensure that the information is protected from "unauthorized access or use." In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning or pulverizing.
The Gramm-Leach-Bliley Act
This 1999 act was instituted to modernize financial institutions, and businesses that receive personal information in the course of conducting business. This law contains the Financial Privacy Rule, which requires financial institutions to provide their clients with comprehensive privacy notices. The act also includes the Safeguards Rule, which requires financial institutions to establish thorough standards and safeguards for the handling and disclosure of that information.
The Sarbanes-Oxley Act
This act was passed in 2002 in response to many of the corporate and securities fraud violations that were making news at the time. It is extremely detailed and implements a wide range of requirements that companies must abide by. Within these rules it is clearly defined that the "destruction, alteration, or falsification of records in Federal investigations and bankruptcy," along with the "destruction of corporate audit records," is illegal and could possibly result in large fines and as many as 10 years of imprisonment.
Shredding documents is not to be taken lightly – if not carefully considered, shredding information can be a devastating mistake. We at Rock Solid are the perfect source for ensuring that your documents are handled properly. We will even send our experts to your location to handle the purging of your important information.
The Economic Espionage Act
This act, passed in 1996, concerns trade secrets and the theft thereof. While it is certain that you would not knowingly try to steal or sell trade secrets, the act does make it clear that large fines and possibly imprisonment await any person or organization who "without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys a trade secret." Because this applies to throwing a trade secret into a public garbage lot, shredding information related to trade secrets is extremely important. It is also cost-effective, especially considering that organizations that violate this act can be fined as much as 10 million dollars!